Our printer just spontaneously printed two strings...

My printer just did it again and woke me up! I actually had my Mac disconnected from the network as I was getting paranoid so can't be an OS X thing.

I have my printer connected via an Airport Express and just disabled Back to My Mac on the router, wonder if this will stop it happening again? Do you guys also have this enabled on your Airports?

For what it's worth, this happened to my HP printer (connected via wireless) at exactly the same time, and I have no Mac or other Apple equipment.

Ours has done the same thing 3 times this weekend. the printout we had was ö<de=IEEEMlsqlexec9.280.

Our printer is an Epson PX730WD and I have printed 2 pictures wirelessly from my iPhone 4 ?????

What's going on here

It is possible that nmap is scanning for server information. It is worth noting that RDS, sqlexec, and tlitcp are associated with the Informix DBMS. nmap includes an Informix library (and many others).

http://nmap.org

I suspect such scans on open ports are not unusual.

I too have had this problem.

I've reported the problem on the HP forums but all I got was this canned response...

http://h30434.www3.hp.com/t5/Printing-Issues-Troubleshooting/Random-strings-prin ted/td-p/1778381

You'd think HP might take a potential security issue seriously.

It would be advisable for anyone experiencing this issue to give a list of installed apps, to confirm that it is not a rogue app scanning your network from your device. If everyone experiencing the issue has a certain app installed, it may point to the issue.

What Operating system are you using? i.e. win 7 Home premium 64 bits.

This is the main support page for your printer, keep in your bookmark if you need to refer to it in a latert time.

http://h10025.www1.hp.com/ewfrf/wc/product?cc=us&dlc=en&lc=en&product=5063582&su bmit=&

Go to software and drivers download and select your operating system. You should also upgrade the firmware of the printer. if an upgrade is available.

After that if you still facing this issue, Please follow this link www.hp.com/go/tools. Download and use the HP Print and scan doctor, It will check for problems of the different functionality Printing, Scanning and connectivity fixing most of them, if the utility cannot fix the issue let me know I will give my best effort to provide other troubleshooting steps and help you with your issue.

HTH

Original Post - http://h30434.www3.hp.com/t5/Printing-Issues-Troubleshooting/Random-strings-prin ted/td-p/1778381

Thanks

Jagdish Chichria

Hi,

I'd say you're almost definitely correct with that. If the printers are listening on the Internet (have a public IP address) then they will get contacted by port scanners.

I use NMAP in my day job and I always make a point of avoiding fully scanning network printers as it tends to make them spit out large numbers of pages with odd characters on them.

the sqli and similar strings that people in this thread are seeing are likely from nmap probes looking to fingerprint the device.

If you want to reproduce it, doing nmap -A -v -n <my_ip_address_here> should work ok.

If you do have your printers listening on the Internet I'd recommend putting them behind a firewall as whilst nmap scans are not malicious in and of themselves they can be used by people with malicious intent.

A computer security tool called nmap was used on the public network you use (Cable, DSL, FiOS, etc.). While scanning ports, and sending prob strings to open ports, your public IP had an open port from Internet to your Printer. What you are seeing on the printout is a string attempting to prop SQLi port, but instead, ALL DATA RECEIVED ON PORT FORWARDED DIRECTLY TO PRINTER OUTPUT. That is, anything sent to that port of your public IP address gets printed.

Ask yourself: Do I have printing available from my iPhone or Android device? Did I install special software when I got my printer to do "printing from the web" on my computer? Did I enable printing from iCloud?

These are signes that your printer is just hanging off the public internet and anyone can send junk to your printer and it will print!

Interesting...I got a hit the other day from an IP address originating in Thailand (WHOIS query showed me who owned the range) that attempted to access my mysqld... Pass my firewalls and everything. LittleSnitch was what alerted me.

I'll be watching this thread

- MattD

I have so far been unable to replicate the fault by using nmap externally on my IP range and as far as I'm aware my router doesn't have any ports open to my router.

Just because this is an "ePrint" printer and it's "in the cloud" it does not mean the same thing as "publicly accessible".

Has anyone else been able to replicate this problem yet?

I just got home from vacation to find three of these printouts as well. I had no devices other than a Logitech Revue hooked up to my router all week so this isn't coming from a locally connected machine (at least any of mine). I do have a HP Deskjet 5900 printer hooked into the Time capsule.

Our Epson PX730 just did it again. This time with this string:

12345X@PJL INFO ID

12345X